opinion

Will Visa's Recent Fraud Alert Lead to Tighter Merchant Scrutiny?

Stephen Yagielowicz
Visa's recent warning to banks and payment processors of an impending fraudulent action stemming from Eastern Europe is leading to renewed calls for enhanced scrutiny of the merchants that process credit and debit cards.

The warning comes on the heels of an intelligence report from an unnamed "third-party entity indicating that a criminal group has plans to execute a large batch settlement fraud scheme."

A variety of global intelligence agencies routinely share information gathered from unrelated investigations with relevant corporate entities, and while several high-profile investigations of adult companies and their billing practices are ongoing, there has been no disclosure of how and where the information about this scheme had been obtained by Visa.

"The criminals claimed to have access to account numbers and the ability to submit a large batch settlement upload to occur over a weekend," the Visa warning states, adding that it does not have any information as to when the fraudulent settlement activity may occur, only that the merchant account is associated with a bank in Eastern Europe.

Batch settlements are routinely performed as a means of forwarding the day's credit card transactions to the merchant's acquiring bank in a batch, rather than individually.

It is the responsibility of the acquiring bank to approve the merchant for processing — an approval process that many stakeholders are hoping will become more stringent in the face of these massive fraud attempts. This of course would hamper the smaller, often sole-proprietorship driven adult website owner attempting to secure processing for his or her new venture — especially for those operators located outside of the United States.

Visa says that after being notified of the threat, it "immediately implemented monitoring of large settlement activity for banks located in Eastern Europe," although it has yet to see any abnormal or large settlement activity and it is unclear why this level of monitoring was not standard operating procedure.

"Although the source of the information is reliable, the information that Visa has received coming forward so far is limited," the Visa warning continued. "Visa suspects that this scheme may be linked to a consortium of online merchants that have been trying to secure processing arrangements after being shut down at several acquirers across many geographies."

With some reports speculating that this criminal consortium may involve adult and other high-risk merchants, you can be certain that more transparency will be demanded on the part of adult merchants by those acquiring banks still willing to underwrite them. Measures such as requiring extended SSL certification and a much more robust merchant background check are being discussed, but these may prove largely ineffective against the organized criminal gangs the current Visa warning seeks to address.

Visa is also telling financial institutions and credit card processors that "immediate action must be taken to investigate, limit the exposure of cardholder data, notify Visa, report investigation findings, and inform your local FBI office or local law enforcement," if this form of activity is detected.